[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap version (proxy cache) - results



> Hi all,
>
> Just to make this thread more exiting, some of my experiences from
> the last days ;)
>
> I have succesfully compiled openldap 2.2.23 from source on our
> fedora core 1 install. The only development package missing was bdb
> (installed 4.2.52 with patches).
>
> Openldap compiled with the following command:
> ---
> env CPPFLAGS="-I/usr/local/BerkeleyDB.4.2/include"
> LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib"
> ./configure --enable-ldap --enable-proxycache
> ---
> Funny to find out the '--enable-ldap' parameter, without it openldap
> does not support: ldap :) .. eh eh
>
> Enfin, caching was (/is) our target. After building the propper
> slapd.conf (took me some time to figure out that the proxyAttrset
> should only contain the attributes returned by the query's to enable
> caching ... ) i got a few problems:
>
> 1. The first query (that is cachable) returns an extra attribute

Quite odd, I remember fixing that bug some time ago (attributes in the
filter get added to the request to the remote server to allow further
local filtering on cached entries, but they shouldn't be returned).  Maybe
the fix was not completely backported to 2.2, or not ported at all; I'll
check.

>
> ---
>  ldapsearch -b "o=Domain,c=nl"
> '(&(mail=chris@Domain.nl)(mailUserStatus=active))' mail -x)
> [ cut ]
> dn: [cut ]
> mail: chris@Domain.nl
> mailUserStatus: active
>
> # search result
> search: 2
> result: 0 Success
>
>  ldapsearch -b "o=Domain,c=nl"
> '(&(mail=chris@Domain.nl)(mailUserStatus=active))' mail -x)
> [ cut ]
> dn: [cut ]
> mail: chris@Domain.nl
>
> # search result
> search: 2
> result: 0 Success
> ---
>
> This confuses exim if you use the ldap-proxy in an exim router. It
> will return a 'failed' answer to the first lookup :(
>
> 2. Segfault after pressing ctrl-c in a 'ldapsearch' without '-x'
> specified. I run slapd with "slapd -d 64 -c slapd.conf".

There's very little info to trace this bug, but I suspect your cyrus-sasl
was built with a link to a previous version of Berkeley db that is bundled
with your system.  If this is the case (just ldd libsasl2.so and the
modules) you should rebuild cyrus-sasl with Berkeley db 4.2.52 (in any
case, with the same version linked in by slapd); or, slapd is simply not
loading the same run-time libsasl2 it was built with.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497